Deliver a unified experience to cut through the noise, get noticed, and attract customers.
The Business Problem
One of the large e-commerce sites in North America approached AANNEX with numerous issues and concerns about its aging IT systems.
AANNEX created an IT audit and recommendations report that identified several key elements that could be improved to make the business more efficient and to improve system security and reliability, while at the same time reducing the risk of downtime. The key points highlighted from the review were:
■ The server hardware was several years old, was not supported by the manufacturer, and carried a high cost of licenses.
■ The e-commerce service provider must keep all data for up to eight years; however, no central backup and archive strategy was in place.
■ Several servers were running the AIX 5.0 OS, which is no longer supported by IBM and therefore not patched with security updates.
■ Our customer did not have remote access to the IT system, but this is a function that was needed by the business.
■ Due to the rural office location, power cuts are common, and with an on-premises IT system, this caused business disruption on a regular basis.
■ There was no business-class firewall in place to secure the network from intrusion.
■ Workload migration to hybrid cloud with 55% re-host, 15% re-factor and re-platform, and 30% move to SaaS-based solutions (i.e. O365 email, Office suite, backup and archiving, SharePoint, Dynamics).
One of the key drivers was to keep capital expenditure to a minimum, keep operational uptime high, and keep the costs firmly in the expense column, allowing easy budgeting without having to worry about changing the IT system every few years.
As an IT strategic partner, AANNEX helped the North American e-commerce site determine the best options to cost-effectively resolve all IT issues and refresh the IT infrastructure at the same time.
How We Do It
All the applications in the All-stream data center are slated to relocate either to the client's owned data center or to the public cloud. One of the largest North American e-commerce applications is to be migrated to the Azure public cloud.
The e-commerce system offers a vast assortment of exclusive products and top brand names to its customers. As one of Canada’s most innovative and diversified retailers, our customer incorporates entertainment, inspiration, personalities, and industry leaders to provide a unique shopping experience, where customers find exceptional selections in Health & Beauty, Jewelry, Home/Lifestyle, Fashion/Accessories, and Electronics.
Be a Retailer Customers can Trust
With a unified commerce system, all your business information (from prices, to items, to inventory availability) is maintained in one place, the ERP. All the touchpoints, including your eCommerce portal, communicate with it, and pull up information in real time. You do not need to click anywhere, or import any data: the system does it, automatically. With zero effort, the information you show on your website is always consistent and up to date. So, you will not risk disappointing customers by selling them an item that is already out of stock.
Use a pre-set Integration for eCommerce Sites
We have partnered with some of the best-known global eCommerce platform providers to offer out-of-the-box integrations. We have already done the heavy lifting: our customer enjoys seamless communication between channels and a single, clear view of their customers and products. Zero effort, no costly integrations, no time wasted. It is on us. Our official alliance means that all features and upgrades will be automatically delivered to our system without having to lift a finger.
True Omni-channel Shopping
Let our customers decide how, where and when they want to order and receive their purchases. All our customer’s channels are in sync and can be managed exactly as our customers expect.
- Click & collect: buy online and pick up in store.
- Buy online and get the items delivered.
- Return items bought online in any physical store.
- Exchange products bought online in any store.
- Collect and use loyalty points in the eCommerce and physical stores.
The purpose of this project was to migrate the All-Stream DC to the Azure public cloud. The application's Development, QA, and DR environments will all be hosted in the Azure Canada East region, with Production in the Azure Canada Central region.
All servers will be deployed as virtual machines behind an Azure load balancer and in different availability sets, to ensure no downtime occurs during a failure or update process. The VMs will be configured from the standard marketplace Windows Server 2016 image and identified as Hybrid Use Benefit (HUB). Configuration management and deployment are initiated at first boot.
The web tier will reside in the web tier subnet, the application tier in the app subnet, and the DB in the DB subnets. Each subnet is represented as an NSG. Azure load balancer instances will be configured to load balance across the virtual machines for each tier.
Web Servers Storage
The VMs will be configured with an additional disk attached. This disk must be configured (scripts to be run at boot) to store IIS logs and any additional logs.
The Storage Type will be Standard, locally redundant storage (magnetic storage). A Standard, locally redundant data disk will be attached to the VMs but will not be initialized. This is provided for use as a log storage location and can be configured using the Desired State Configuration which will be loaded by the VM when initialized.
Disks will be provisioned using the Managed Disks feature.
App Servers Storage
The virtual machines configured in the production and pre-production deployments of the application tier will be configured to use Premium/standard, locally redundant Storage for all disks, to receive the 99.9% availability SLA from Microsoft. To achieve 99.95% SLA, a minimum of two servers in a load-balanced configuration is required.
The application servers will make use of BitLocker.
The SQL tier includes the infrastructure required for SQL Always On Availability Groups:
- 2 servers for SQL 2014 Instances (Read/Write).
- 2 servers for SQL 2014 Instances (Read only).
- 2 servers for SQL 2014 Instance (Third party application database)
- 2 servers for SQL 2014 Instance (DBD)
Data/Database tier Storage
The SQL servers will make use of standard, locally redundant storage for the operating system. Premium, locally redundant storage will be used for the data disks to provide improved I/O performance.
Disks will be provisioned using the Managed Disks feature. Native encryption (TDE) on the SQL 2014 databases will be used with Azure Key Vault, along with BitLocker encryption for the disks.
Key vaults are provisioned for the Production and Non-Production environments to support the following activities:
- Azure Disk Encryption (enabling BitLocker functionality for Azure virtual machines)
- TLS certificate management for the web application
- Extensible Key Management to support Transparent Data Encryption in SQL Server 2014 (and separate management of data from management of encryption keys)
Azure Disk Encryption
A Key Vault is provisioned in each environment to hold the BitLocker encryption keys. These Key Vaults can be used in the future to store additional information, such as secrets (passwords used for deployments including local administrator configuration or database connection strings) and keys (such as SSL certificates and similar).
Virtual networks are created for each environment, isolating the management of the network. Peering is configured to enable all the development networks to access the Shared services VNET. The Shared services VNET hosts security services and common services.
Three Network Security Groups are configured for each network. They all reference the same templated security rules, regardless of the environment, to ensure consistency.
The VPN and Application Gateway subnets have network security groups assigned. Firewall rules on the VPN connections were enforced by the on-premises device.
Rules with lower numbers are processed first and override rules with higher numbers where applicable. Rules starting at 65000 are default rules and cannot be disabled, but they can be overridden.
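The priority behaviour described above, shown as an added example that is not AANNEX's own template or code: a small Python model of inbound NSG evaluation for the DB subnet. The subnet prefixes, rule names and ports are constructed assumptions, and matching is simplified to source prefix and destination port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str   # CIDR prefix, or "*" for any source
    port: str     # destination port, or "*" for any port
    access: str   # "Allow" or "Deny"

# Constructed address plan (assumption): one subnet per tier plus a VPN range.
VNET, APP, VPN = "10.0.0.0/16", "10.0.2.0/24", "10.0.250.0/24"
PROBES = {"web": "10.0.1.10", "app": "10.0.2.10",
          "vpn": "10.0.250.10", "internet": "203.0.113.5"}

# Azure's built-in inbound defaults, simplified to prefix matching.
# AllowAzureLoadBalancerInBound (65001) is omitted: it matches a service tag.
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hypothetical DB-tier template: only the app tier reaches SQL, and the
# deny at 4000 overrides the 65000 default that allows all VNet traffic.
DB_NSG = [
    Rule(100, "AllowAppToSql", APP, "1433", "Allow"),
    Rule(110, "AllowVpnAdminRdp", VPN, "3389", "Allow"),
    Rule(4000, "DenyOtherVnet", VNET, "*", "Deny"),
]

def matches(rule, src_ip, port):
    in_prefix = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    return in_prefix and rule.port in ("*", str(port))

def evaluate(custom_rules, src_ip, port):
    """Return (access, rule name) of the first match in ascending priority."""
    for rule in sorted(custom_rules + DEFAULTS, key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def audit(custom_rules, port):
    """Verdict per source tier for one destination port on the DB subnet."""
    return {tier: evaluate(custom_rules, ip, port)[0]
            for tier, ip in PROBES.items()}
```

Running `audit([], 1433)` against an NSG with no custom rules shows the web tier reaching SQL directly through the 65000 default, which is the case the lower-numbered deny exists to close.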
The End Result
The outcome of the project for Our customer is a new Cloud based IT system to drive the business over the next 4-5 years with reduced IT management complexity. The IT system has been migrated to an easily accessible central platform that can be accessed from anywhere in the world.
AANNEX successfully planned, managed and delivered the IT systems refresh project and deployed new hardware, software and licensing plans, which consisted of the following key deliverables:
■ Deployment of Cloud Infrastructure
■ Data transfer from existing server
■ Migration of all workloads into the cloud; re-platform and re-host options were taken into consideration.
■ Installation of firewalls and data encryption at rest and in motion to protect the local network and secure data between the customer and the hybrid cloud regions.
■ Decommissioning of legacy Server and databases
■ A central backup strategy was put in place to ensure all data was backed up as per the client’s legal requirements
■ Unlimited Archiving and Key vault were used.